TLS cert generation for sipp uas

README.md

@@ -15,4 +15,20 @@ kamailio configurations and associated files for various usecases and role that
 * WebRTC WS SIP Server
 
 
-Note : Used kamailio v5.x , many old exmaples and sample configs from older wiki sources have been updated here too
+Note : Used kamailio v5.x , many old exmaples and sample configs from older wiki sources have been updated here too
+
+## TLS protocol method
+
+Possible values are:
+- TLSv1.2 - only TLSv1.2 connections are accepted (available starting with openssl/libssl v1.0.1e)
+- TLSv1.1+ - TLSv1.1 or newer (TLSv1.2, ...) connections are accepted (available starting with openssl/libssl v1.0.1)
+- TLSv1.1 - only TLSv1.1 connections are accepted (available starting with openssl/libssl v1.0.1)
+- TLSv1+ - TLSv1.0 or newer (TLSv1.1, TLSv1.2, ...) connections are accepted.
+- TLSv1 - only TLSv1 (TLSv1.0) connections are accepted. This is the default value.
+- SSLv3 - only SSLv3 connections are accepted. Note: you shouldn't use SSLv3 for anything which should be secure.
+- SSLv2 - only SSLv2 connections, for old clients. Note: you shouldn't use SSLv2 for anything which should be secure. Newer versions of libssl don't include support for it anymore.
+- SSLv23 - any of the SSLv2, SSLv3 and TLSv1 or newer methods will be accepted.
+
+
+Ref :
+https://downloads2.goautodial.org/files/version4/etc/kamailio/kamailio-wss+sip.cfg

TLSonly/README.md

@@ -3,7 +3,7 @@
 Securinng signalling using TLS certificates to provide privacy to voip calls over public internet.
 I have used self signed certificate in this exmaple which is ok for dev enviornment for staging , beta or production env use third party certificate provider ( Letsencrypt etc , I will add more on that later )
 
-## Steps 
+## Steps for TLS module in kamailio
 
 Build tls module in kamailio src 
 ```

sipp/README.md

@@ -11,9 +11,41 @@ Example:
    On the same host, run SIPp with embedded client (uac) scenario:
      ./sipp -sn uac 127.0.0.1
 
-
-## Available options:
+## Building certs for TLS based sipp UAS server
+
+make master dir for all certs 
+```
+mkdir certs 
+chmod 0700 certs
+cd certs
+```
+make CA folder, create cert and check
+```
+mkdir demoCA
+cd demoCA
+mkdir newcerts
+echo '01' > serial
+touch index.txt
+openssl req -new -x509 -extensions v3_ca -keyout key.pem -out cert.pem -days 3650
+584  openssl x509 -in cert.pem -noout -text
+585  openssl x509 -in cert.pem -noout -dates
+586  openssl x509 -in cert.pem -noout -purpose
+```
+make domain folder and create the certs for the doamin from parent and check
+```
+cd ..
+mkdir 10.10.10.10
+cd ../..
+openssl ca -days 730 -out 10.10.10.10/cert.pem -keyfile demoCA/key.pem -cert demoCA/cert.pem -infiles 10.10.10.10/req.pem
+openssl x509 -in 10.10.10.10/cert.pem -noout -text
+```
+
+Run sipp
+```
+sipp -sn uas -p 5077 -t l1 -tls_key /home/ubuntu/certs/10.10.10.10/key.pem  -tls_cert /home/ubuntu/certs/10.10.10.10/cert.pem  -i 10.10.10.10
+```
 
+## Available options:
 
 *** Scenario file options:
 

sipp/uas_send_reINVITE_receive_BYE.xml

@@ -0,0 +1,125 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<!DOCTYPE scenario SYSTEM "sipp.dtd">
+
+<scenario name="UAS re-INVITE">
+
+	<!-- receive INVITE , set session ____________________________________________ -->
+
+    <recv request="INVITE" crlf="true">
+    <action>
+        <ereg regexp="sip:(.*)>" search_in="hdr" header="Contact" assign_to="4,5"/>
+        <assign assign_to="4" variable="5" />
+    </action>
+  </recv>
+
+  <send>
+    <![CDATA[
+
+      SIP/2.0 180 Ringing
+      [last_Via:]
+      [last_From:]
+      [last_To:];tag=[call_number]
+      [last_Call-ID:]
+      [last_CSeq:]
+      Contact: <sip:[local_ip]:[local_port];transport=[transport]>
+      Content-Length: 0
+
+    ]]>
+  </send>
+
+  <send retrans="500">
+    <![CDATA[
+
+      SIP/2.0 200 OK
+      [last_Via:]
+      [last_From:]
+      [last_To:];tag=[call_number]
+      [last_Call-ID:]
+      [last_CSeq:]
+      Contact: <sip:[local_ip]:[local_port];transport=[transport]>
+      Content-Type: application/sdp
+      Content-Length: [len]
+
+      v=0
+      o=user1 53655765 2353687637 IN IP[local_ip_type] [local_ip]
+      s=-
+      c=IN IP[media_ip_type] [media_ip]
+      t=0 0
+      m=audio [media_port] RTP/AVP 0
+      a=rtpmap:0 PCMU/8000
+
+    ]]>
+  </send>
+
+  <recv request="ACK" rtd="true" crlf="true">
+        <action>
+                <ereg regexp=".*" search_in="hdr" header="From" assign_to="3"/>
+                <ereg regexp=".*" search_in="hdr" header="To" assign_to="4"/>
+        </action>
+  </recv>
+
+
+    <pause milliseconds="5000"/>
+
+    <!-- send re-INVITE ______________________________________ -->
+
+    <send retrans="500">
+    <![CDATA[
+
+     INVITE sip:[$5] SIP/2.0
+     Via: SIP/2.0/UDP [local_ip]:[local_port];branch=[branch]
+     From[$4]
+     To[$3]
+     Call-ID: [call_id]
+     CSeq: [cseq] INVITE
+     Contact: <sip:[local_ip]:[local_port];transport=[transport]>
+     Max-Forwards: 70
+     User-Agent: SIPp/WinXP
+     Content-Type: application/sdp
+     Content-Length: [len]
+
+     v=0
+     o=user1 53655765 2353687637 IN IP[local_ip_type] [local_ip]
+     s=-
+     c=IN IP[media_ip_type] [media_ip]
+     t=0 0
+     m=audio [media_port] RTP/AVP 8
+     a=rtpmap:8 PCMA/8000
+
+    ]]>
+  </send>
+
+  <recv response="100">
+  </recv>
+
+  <recv response="503">
+  </recv>
+
+  <pause milliseconds="5000"/>
+
+  <recv request="BYE">
+  </recv>
+
+   <send retrans="500">
+    <![CDATA[
+
+      SIP/2.0 200 OK
+      [last_Via:]
+      [last_From:]
+      [last_To:];tag=[call_number]
+      [last_Call-ID:]
+      [last_CSeq:]
+      Contact: <sip:[local_ip]:[local_port];transport=[transport]>
+      Content-Length: 0
+
+    ]]>
+  </send>
+
+
+  <!-- definition of the response time repartition table (unit is ms)   -->
+  <ResponseTimeRepartition value="10, 20, 30, 40, 50, 100, 150, 200"/>
+
+  <!-- definition of the call length repartition table (unit is ms)     -->
+  <CallLengthRepartition value="10, 50, 100, 500, 1000, 5000, 10000"/>
+
+</scenario>

sipp/uas_send_reINVITE_send_BYE.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8" ?>
-<scenario name="Basic UAS responder">
+<scenario name="UAS re-INVITE">
 
 
 <!-- receive INVITE , set session ____________________________________________ -->
@@ -22,26 +22,28 @@
   </send>
 
 <send>
-  <![CDATA[
-  SIP/2.0 200 OK
-  [last_Via:]
-  [last_From:]
-  [last_To:];tag=[call_number]
-  [last_Call-ID:]
-  [last_CSeq:]
-  [last_Record-route:]
-  Contact: <sip:[local_ip]:[local_port];transport=[transport]>
-  Content-Type: application/sdp
-  Content-Length: [len]
-
-  v=0
-  o=user1 53655765 2353687637 IN IP[local_ip_type] [local_ip]
-  s=-
-  c=IN IP[media_ip_type] [media_ip]
-  t=0 0
-  m=audio [media_port] RTP/AVP 0
-  a=rtpmap:0 PCMU/8000
-  ]]>
+    <![CDATA[
+
+    SIP/2.0 200 OK
+    [last_Via:]
+    [last_From:]
+    [last_To:];tag=[call_number]
+    [last_Call-ID:]
+    [last_CSeq:]
+    [last_Record-route:]
+    Contact: <sip:[local_ip]:[local_port];transport=[transport]>
+    Content-Type: application/sdp
+    Content-Length: [len]
+
+    v=0
+    o=user1 53655765 2353687637 IN IP[local_ip_type] [local_ip]
+    s=-
+    c=IN IP[media_ip_type] [media_ip]
+    t=0 0
+    m=audio [media_port] RTP/AVP 0
+    a=rtpmap:0 PCMU/8000
+    
+    ]]>
 </send>
 
 <recv request="ACK"  crlf="true"></recv>
@@ -51,69 +53,77 @@
 <!-- send re-INVITE ______________________________________ -->
 
 
-    <send retrans="500">
-        <![CDATA[
-
-         INVITE sip:[$5] SIP/2.0
-         Via: SIP/2.0/UDP [local_ip]:[local_port];branch=z9hG4bK1489807744192936848
-         From[$4]
-         To[$3]
-         Call-ID: [call_id]
-         CSeq: [cseq] INVITE
-         Contact: <sip:[local_ip]:[local_port];transport=[transport]>
-         Max-Forwards: 70
-         User-Agent: SIPp/WinXP
-         Content-Type: application/sdp
-         Content-Length: [len]
-
-         v=0
-         o=user1 53655765 2353687637 IN IP[local_ip_type] [local_ip]
-         s=-
-         c=IN IP[media_ip_type] [media_ip]
-         t=0 0
-         m=audio [media_port] RTP/AVP 8
-         a=rtpmap:8 PCMA/8000
+<send retrans="500">
+    <![CDATA[
 
-        ]]>
-    </send>
+     INVITE sip:[$5] SIP/2.0
+     Via: SIP/2.0/UDP [local_ip]:[local_port];branch=z9hG4bK1489807744192936848
+     From[$4]
+     To[$3]
+     Call-ID: [call_id]
+     CSeq: [cseq] INVITE
+     Contact: <sip:[local_ip]:[local_port];transport=[transport]>
+     Max-Forwards: 70
+     User-Agent: SIPp/WinXP
+     Content-Type: application/sdp
+     Content-Length: [len]
+
+     v=0
+     o=user1 53655765 2353687637 IN IP[local_ip_type] [local_ip]
+     s=-
+     c=IN IP[media_ip_type] [media_ip]
+     t=0 0
+     m=audio [media_port] RTP/AVP 8
+     a=rtpmap:8 PCMA/8000
 
-    <recv response="200" crlf="true"> </recv>
+    ]]>
+</send>
 
-    <send retrans="500">
-         <![CDATA[
+<recv response="200" crlf="true"> </recv>
 
-         ACK sip:[$5] SIP/2.0
-         Via: SIP/2.0/TCP [local_ip]:[local_port];branch=z9hG4bK1489807744192936848
-         From[$4]
-         To[$3]
-         Call-ID: [call_id]
-         CSeq: [cseq] ACK
-         Contact: <sip:[local_ip]:[local_port];transport=[transport]>
-         Max-Forwards: 70
+<send retrans="500">
+     <![CDATA[
 
-        ]]>
-    </send>
+     ACK sip:[$5] SIP/2.0
+     Via: SIP/2.0/TCP [local_ip]:[local_port];branch=z9hG4bK1489807744192936848
+     From[$4]
+     To[$3]
+     Call-ID: [call_id]
+     CSeq: [cseq] ACK
+     Contact: <sip:[local_ip]:[local_port];transport=[transport]>
+     Max-Forwards: 70
 
+    ]]>
+</send>
 
 
 <!-- send BYE ____________________________________________ -->
 
-<recv request="BYE"></recv>
-
 <send retrans="500">
-<![CDATA[
-
- SIP/2.0 200 OK
- [last_Via:]
- [last_From:]
- [last_To:];tag=[call_number]
- [last_Call-ID:]
- [last_CSeq:]
- Contact: <sip:[local_ip]:[local_port];transport=[transport]>
- Content-Length: 0
-
-]]>
+     <![CDATA[
+
+     BYE sip:[$5] SIP/2.0
+     Via: SIP/2.0/UDP [local_ip]:[local_port];branch=[branch]
+     From[$4]
+     To[$3]
+     Call-ID: [call_id]
+     CSeq: [cseq] BYE
+     Contact: <sip:[local_ip]:[local_port];transport=[transport]>
+     Max-Forwards: 70
+     User-Agent: SIPp/WinXP
+     Content-Type: application/sdp
+     Content-Length: 0
+
+    ]]>
 </send>
 
+<recv response="200">
+</recv>
+
+<!-- definition of the response time repartition table (unit is ms)   -->
+<ResponseTimeRepartition value="10, 20, 30, 40, 50, 100, 150, 200"/>
+
+<!-- definition of the call length repartition table (unit is ms)     -->
 <CallLengthRepartition value="10, 50, 100, 500, 1000, 5000, 10000"/>
-</scenario>
+
+</scenario>